POPULARITY
Boost data security and automate prioritization for data alerts with Security Copilot-powered Alert Triage Agents for Microsoft Purview Data Loss Prevention and Insider Risk Management. Surface the highest-risk alerts across your environment, no matter their default severity, and take action. Customize how your agents reason, teach them what matters to your organization, and continuously refine to reduce time-to-resolution. Talhah Mir, Microsoft Purview Principal GPM, shows how to triage, investigate, and contain potential data risks before they escalate. ► QUICK LINKS: 00:00 - Agents in Microsoft Purview 00:58 - Alert Triage Agent for DLP 01:54 - Customize Agents 03:32 - View prioritized alerts 05:17 - Calibrate Agent Behavior with Feedback 06:38 - Track Agent Performance and Usage 07:34 - Wrap up ► Link References Check out https://aka.ms/PurviewTriageAgents ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Live from the M365 Community Conference in Las Vegas, Stephen and Arvind break down the biggest announcements in OneDrive, SharePoint, and Microsoft 365—from mind-blowing Copilot demos to Sync deployment best practices. Plus, guest Vlad Catrinescu shares insights on governance, Copilot readiness, and the power of community. Whether you're an admin, end user, or AI enthusiast, this episode has something for everyone. Click here for this episode's transcript. Click here to Subscribe to SyncUp on YouTube. Stephen Rice | LinkedIn | co-host Arvind Mishra | LinkedIn | co-host Vlad Catrinescu | Vlad Talks Tech | guest OneDrive | Twitter | Blog | Newsletter Microsoft OneDrive Blog - Microsoft Community Hub OneDrive Office Hours Sign Up: https://techcommunity.microsoft.com/t5/microsoft-onedrive-blog/introducing-onedrive-customer-office-hours/ba-p/3741494 Microsoft Podcasts – Stay connected, informed, and entertained with original podcasts from Microsoft Podcasts & Shows – Microsoft Adoption Microsoft Community Learning - YouTube
Is your browser secure in the age of SaaS? Join SADA's Rocky Giglio and Google's Aaron Hix as they explore the power of Chrome Enterprise Premium on Cloud & Clear! Hear firsthand how Chrome Enterprise Premium has transformed real businesses, and discover how you can simplify IT management and enhance security across your organization. Tune in to find out how Chrome Enterprise Premium can transform your security strategy! Join us for more content by liking, sharing, and subscribing!
Parisa Tabriz is vice president and general manager for Google Chrome, the world's leading browser platform. She leads efforts to make Chrome a secure and essential enterprise workspace, integrating AI and advanced cybersecurity to meet evolving business needs. In this episode, Parisa joins Bob to explore how Chrome is redefining the browser as a productivity and security platform, the role of AI in enterprise protection, and what's next for Chrome's innovations.Chrome at Google Cloud NextThe Big Themes:Chrome's Evolution into a Central Productivity and Security Platform: Over the past 17 years, Chrome has transformed from a simple web browser into a comprehensive platform integral to enterprise productivity and security. Users now spend a significant portion of their workday within Chrome, utilizing it for tasks ranging from document editing to video conferencing. This shift has positioned Chrome as the new endpoint in enterprise environments.Simplifying Enterprise Security with Chrome: Complexity is often the enemy of security. Chrome aims to simplify enterprise security by integrating protective measures directly into the browser, reducing the need for multiple, potentially conflicting security solutions. Features like automatic updates, built-in phishing protection, and centralized policy management allow IT teams to maintain a secure environment with less overheads.Personalization, Governance, and AI Empowerment: Chrome prioritizes features that allow organizations to personalize user experiences while maintaining strict governance over data and AI usage. Tools like data masking, controlled copy-paste functionalities, and the ability to designate approved AI applications help prevent data leaks and ensure compliance with internal policies. By providing these controls, Chrome empowers enterprises to harness the benefits of AI technologies responsibly.The Big Quote: ". . . the browser is the place where you can give people access to the benefits [of AI], but also make sure that you have the controls and governance to turn it off or make sure that your employees aren't copying and pasting data into an unsanctioned AI surface."More from Parisa Tabriz and Google Chrome:Connect with Parisa on LinkedIn or learn more about Google Chrome.
What kind of founder spends five years building a product before going to market? One who's trying to solve a very hard problem. Vince Gaydarzhiev is the founder of Alcatraz, a deep tech startup that uses facial authentication. The platform isn't used to lock people out of single offices or consumer gadgets; its customers are buying global enterprise security, where compliance is strict, trust is earned, and failure isn't an option. In this episode, Vince shares the emotional, strategic, and technical realities of building a company at the intersection of AI, hardware, and enterprise infrastructure. From working nights on prototypes with a tiny team to navigating founder isolation and breaking into risk-averse markets with no Silicon Valley network, Vince takes us inside the long game of building something real. We cover: Why it took three years to get a product into customer hands — and two more to scale it Validating a deep tech startup when you're not an insider What enterprise security leaders really care about (and how not to sell to them) Why founder empathy and “becoming your customer” are non-negotiable in this space The hiring philosophy that helped Alcatraz scale with high-agency, low-ego team members How Vince de-risked himself to earn trust from investors and prospective hires If you're building something technically ambitious or thinking about launching a startup in AI, hardware, or security, listen in. RUNTIME 32:15 EPISODE BREAKDOWN (2:35) Where the idea for Alcatraz came from and why Vince decided to take the leap (5:51) His process for validating the concept with investors, customers, and security teams (9:37) “I was surprised that this thing didn't exist yet.” (11:48) Why it took five years to develop a “globally scalable” minimum viable product (13:29) How much has his TAM estimate changed since entering the market? (17:55) The pitch Vince used to recruit employees away from Apple and other top companies (20:05) “ In 2016, investors were investing into companies purely on a deck.” (22:18) “ I had zero network. It was my first time.” (24:42) “ Many people mentally cannot take ‘nos' in bulk. They get depressed, they feel it's personal.” (26:50) Why the name “Alcatraz?” (28:12) “ It's really tough to work with people that you don't like. Very tough. It's never gonna work out.” (30:24) The one question Vince would have to ask the CEO if he were interviewing at an early-stage startup LINKS Vince Gardarzhiev Alcatraz Alcatraz AI Raises $6.1M in Funding for Frictionless Access Control, 4/27/2021, press release Alcatraz AI Receives $25M Series A Funding to Accelerate International Growth, 9/13/2022, press release SUBSCRIBE
The emergence of the enterprise browser represents a significant step forward in cyber security innovation. Ignoring this evolution is no longer an option for security-conscious organizations looking to stay ahead of the curve in the ongoing cyber arms race
Investigate data security, risk and leak cases faster by leveraging AI-driven insights with Microsoft Purview Data Security Investigations. This goes beyond the superficial metadata and activity-only signals found in incident management and SIEM tools, by analyzing the content itself within compromised files, emails, messages, and Microsoft Copilot interactions. Data Security Investigations allows you to pinpoint sensitive data and assess risks at a deeper level—quickly understanding the value of what's been exposed. Then by mapping connections between compromised data and activities, you can easily find the source of the security risk or exposure. And using real-time risk insights, you can also apply the right protections to minimize future vulnerabilities. Data Security Investigations is also integrated with Microsoft Defender incident management as part your broader SOC toolset. Nick Robinson, Microsoft Purview Principal Product Manager, joins Jeremy Chapman to share how to enhance your ability to safeguard critical information. ► QUICK LINKS: 00:00 - Microsoft Purview Data Security Investigations 01:00 - Risks of data theft & data leaks 03:20 - Start an investigation 04:45 - Results of an investigation 06:15 - Vector-based search & semantic indexing 08:00 - Use AI for the investigation 09:21 - Map activities 10:44 - Connect SOC & Data Security teams 11:21 - Known leaked information 12:26 - Steps to get DSI up and running 13:15 - Wrap up ► Link References Get started at https://aka.ms/DataSecurityInvestigations Stay up-to-date with our blog at https://aka.ms/DSIBlog ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
In this episode of the InfosecTrain podcast, we delve into the concept of Enterprise Security Architecture (ESA) and explore how cybersecurity architecture operates within organizations. ESA is a comprehensive framework that integrates security principles into an organization's overall architecture, aiming to protect data, systems, and networks from threats and vulnerabilities. Our experts discuss the core components of ESA, including preventive, detective, and corrective controls, and how these elements align with business objectives to enhance organizational goals.
How big is the network security market? Is it growing? How is that growth measured? What effect is SASE having on security spending? Will security products or security operators get more effective thanks to AI? We put these and other questions to Mauricio Sanchez. He’s Sr. Director, Enterprise Security and Networking at the Dell’Oro Group, a... Read more »
How big is the network security market? Is it growing? How is that growth measured? What effect is SASE having on security spending? Will security products or security operators get more effective thanks to AI? We put these and other questions to Mauricio Sanchez. He’s Sr. Director, Enterprise Security and Networking at the Dell’Oro Group, a... Read more »
The latest episode of the On Location series, recorded at ThreatLocker's Zero Trust World 2025 in Orlando, brings forward a deep and practical conversation about implementing Zero Trust principles in real-world environments. Hosted by Marco Ciappelli and Sean Martin, this episode features Avi Solomon, CIO of a law firm with nearly 30 years in IT and a strong focus on cybersecurity.The Journey to Proactive SecurityAvi Solomon shares his experience transitioning from traditional security models to a proactive, preventive approach with ThreatLocker. With a background in engineering, consulting, and security (CISSP certified), Solomon outlines his initial concerns with reactive endpoint detection and response (EDR) solutions. While EDR tools act as a secondary insurance policy, he emphasizes the need for a preventive layer to block threats before they manifest.Solomon's firm adopted ThreatLocker a year ago, replacing a legacy product to integrate its proactive security measures. He highlights the platform's maturation, including network control, storage control, application whitelisting, and cloud integration. The shift was not only a technological change but also a cultural one, aligning with the broader philosophy of Zero Trust—approaching security with a mindset that nothing within or outside the network should be trusted by default.Implementing Zero Trust with EaseA standout moment in the episode is Solomon's recount of his implementation process. His conservative approach included running ThreatLocker in observation mode for two months before transitioning fully to a secure mode. When the switch was finally flipped, the result was remarkable—zero disruptions, no pushback from users, and a smooth transition to a less risky security posture. Solomon attributes this success to ThreatLocker's intuitive deployment and adaptive learning capabilities, which allowed the system to understand normal processes and minimize false positives.Redefining Zero Trust: “Near Zero Trust”Solomon introduces a pragmatic take on Zero Trust, coining the term “Near Zero Trust” (NZT). While achieving absolute Zero Trust is an ideal, Solomon argues that organizations should strive to get as close as possible by layering strategic solutions. He draws a clever analogy comparing Zero Trust to driving safely before relying on a seatbelt—proactive behavior backed by reactive safeguards.Tune in to the full episode to explore more of Avi Solomon's insights, hear stories from the conference floor, and learn practical approaches to embedding Zero Trust principles in your organization's security strategy.Guest: Avi Solomon, Chief Information Officer at Rumberger | Kirk | On LinkedIn: https://www.linkedin.com/in/aviesolomon/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More
This episode of the “On Location” series, recorded during ThreatLocker Zero Trust World 2025 in Orlando, features an insightful conversation with Amanda Makowsky, Solution Engineer at ThreatLocker. Amanda shares how ThreatLocker maintains a human touch in cybersecurity while delivering robust solutions for organizations of all sizes.The Human Element in TechnologyAmanda explains how ThreatLocker emphasizes human interaction from the first demo through implementation and beyond. When potential customers engage with ThreatLocker, they are assigned a dedicated Solution Engineer as their technical point of contact. Amanda highlights how this relationship extends beyond the sales process, ensuring partners have continuous support as they mature their security environments. Whether working with small businesses or large enterprises, the focus remains on personalized service and hands-on assistance.Support That Stands OutThreatLocker's commitment to human-centric support is evident through its 24/7 live helpdesk, staffed by real people in Orlando, Florida. Amanda notes the goal of responding to chat requests within a minute, providing immediate support without relying on bots or automated responses. This approach fosters trust and ensures that customers, regardless of their organization's size, receive timely and effective help.Customization and Real-World ImpactAmanda shares how every partner's environment is unique, requiring tailored solutions to accommodate different software, hardware, and operational needs. She emphasizes the importance of building specific and intentional roles within ThreatLocker's systems to match the diverse environments of their partners. The impact of this customization is profound, as partners express a sense of security that allows them to “sleep better at night.”Listen to this episode to explore how ThreatLocker combines technology with human connection, offering a refreshing perspective in the cybersecurity industry.Guest
At ThreatLocker Zero Trust World 2025 in Orlando, Chase Cunningham, often referred to as “Dr. Zero Trust,” delivered a thought-provoking session titled The Grand Delusion. The event, filled with IT professionals, managed service providers (MSPs), and small to midsize business (SMB) leaders, provided the perfect backdrop for a candid discussion about the state of cybersecurity and the real-world application of Zero Trust strategies.Challenging the Status QuoCunningham emphasized the need for businesses to adopt realistic cybersecurity practices that align with their resources and needs. He pointed out the pitfalls of smaller organizations attempting to emulate enterprise-level security strategies without the necessary infrastructure. “Cyber shouldn't be any different” than outsourcing taxes or other specialized tasks, he explained, advocating for MSPs and external services as practical solutions.Zero Trust as a Strategy, Not Just a TermThe session underscored that Zero Trust is not merely a buzzword but a strategic approach to security. Cunningham stressed the importance of questioning the validity of industry claims and seeking concrete data to support cybersecurity initiatives. He encouraged attendees to avoid being “delusional” by blindly accepting security solutions without a critical evaluation of their impact and effectiveness.Actionable Steps for Small BusinessesCunningham shared practical advice for implementing Zero Trust principles within smaller organizations. He recommended focusing on foundational controls like identity and access management, micro-segmentation, and application allow and block lists. He noted that achieving security is a journey, requiring a structured, strategic approach and an acceptance that immediate results are unlikely.The Future of Zero TrustLooking ahead, Cunningham expressed optimism about the continued evolution of Zero Trust. He highlighted its growing global significance, with his upcoming engagements in Taiwan, Colombia, and Europe serving as evidence of its widespread adoption. Ultimately, he framed Zero Trust as not only a business imperative but a fundamental human right in today's digital world.Tune in to this episode to hear more insights from Chase Cunningham and explore what Zero Trust means for businesses of all sizes.Guest
Protect your organization from account takeover and hiring fraud as deepfake impersonation threats grow. With Microsoft Entra Verified ID, you can use Face Check to verify identities in real time against government-issued IDs like driver's licenses and passports. Use Face Check with integrated solutions for • new employee, guest or admin onboarding • step-up authentication to access sensitive information • securing common helpdesk-driven tasks, like user account recovery Setup is simple and has been designed so that both the enterprise and the person verifying their identity maintain control—without storing or passing biometric information like other face matching solutions. Join Ankur Patel, from the Microsoft Entra team, as he demonstrates how Face Check with Verified ID works and how to set it up. ► QUICK LINKS: 00:00 - Face Check with Microsoft Entra Verified ID 00:54 - AI-powered identity verification 01:44 - First time user experience 03:21 - How it works 04:55 - Use cases 05:34 - Set it up 06:16 - Update an app for Face Check 06:43 - Access packages 08:18 - Wrap up ► Link References For more information, check out https://aka.ms/FaceCheckSetup Watch the complete playlist for Microsoft Entra Suite at https://aka.ms/EntraSuiteMechanics Access a list of identity verification providers at https://aka.ms/IDVpartners ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
IT and security teams are under constant pressure to streamline operations while maintaining strong security and compliance. In this Brand Story episode, Chase Doelling, Principal Strategist at JumpCloud, shares insights from the company's latest SME IT Trends Report. The discussion highlights key trends, challenges, and opportunities that IT teams face, particularly in small and medium-sized businesses (SMBs).The Role of IT in Business OperationsDoelling emphasizes the increasing responsibility placed on IT teams. Historically seen as cost centers, IT and security functions are now recognized as critical to business success. More organizations are merging IT and security efforts, ensuring that security considerations are built into every decision rather than being addressed reactively.A major takeaway from the report is the shift toward decentralization in IT decision-making. Departments are increasingly adopting tools independently, leading to an explosion of software-as-a-service (SaaS) applications. While this autonomy can boost efficiency, it also creates risks. Shadow IT—where employees use unauthorized tools—has become a top concern, with 88% of organizations identifying it as a risk.AI, Security, and IT InvestmentThe report also reveals a growing divide in AI adoption. Organizations are either moving aggressively into AI initiatives or staying completely on the sidelines. Those embracing AI often integrate it into security and IT operations, balancing innovation with risk management.Budget trends indicate that IT spending is rising, with security tools accounting for a significant portion. The need for robust cybersecurity measures has pushed organizations to prioritize visibility, access management, and compliance. A notable shift is occurring in remote and hybrid work models. While remote work surged in previous years, only 9% of organizations now report being fully remote. This return to office environments introduces new IT challenges, particularly in managing networks and devices across hybrid workplaces.How JumpCloud Supports IT TeamsJumpCloud's platform simplifies IT and security operations by unifying identity and access management, device management, and security policies. One key challenge IT teams face is visibility—knowing who has access to what systems and ensuring compliance with security policies. JumpCloud's approach allows organizations to manage users and devices from a single platform, reducing complexity and improving security posture.An example of JumpCloud's impact is its ability to detect and manage SaaS usage. If an employee tries to use an unauthorized tool, JumpCloud can guide them toward an approved alternative, preventing security risks without stifling productivity. This balance between security and efficiency is essential, particularly for SMBs that lack dedicated security teams.Looking Ahead: IT and Security ConvergenceDoelling teases upcoming research that will explore the relationship between IT and security teams. With these functions blending more than ever, organizations need insights into how to align strategies, resources, and budgets effectively.For IT and security professionals navigating a landscape of increased threats, shifting work environments, and AI-driven innovation, the insights from JumpCloud's research provide a valuable benchmark. To gain a deeper understanding of these trends and their implications, listen to the full episode and explore the latest SME IT Trends Report.Note: This story contains promotional content. Learn more. Guest: Chase Doelling, Principal Strategist, JumpCloud [@JumpCloud], On LinkedIn | https://www.linkedin.com/in/chasedoelling/ResourcesLearn more about JumpCloud and their offering: https://itspm.ag/jumpcloud-pg7zTo download the SME IT Trends Report: https://itspm.ag/jumpcljqywCatch more stories from JumpCloud at https://www.itspmagazine.com/directory/jumpcloudAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
The second of our two-part roundup of a discussion on the impacts of artificial intelligence on investment operations hosted by CIBC Mellon, Accelex, and Meradia, featuring 30 senior leaders from Canadian pension plans, asset managers and insurance companies. Topics discussed in this episode include governance and risk, the shifting vendor oversight landscape as institutions seek to modernize their data protection and usage standards, the need to advance policy frameworks at both the institutional and societal level, AI impacts on human capital, and the outlook for the future. Participants: • Dr. Brian Charles, Head of Silver Lead Technology Advisors & director of MIT's executive AI and business strategy course via 2U/edX • Philip Mortimer, Chief Technology Officer, Accelex • Brian Buzzelli, Head of Data Practice, Meradia • Mike Plantinga, Vice President, Enterprise Security, CIBC Mellon • Hosted by Brent Merriman, Vice President, Marketing and Strategic Insights, CIBC Mellon This presentation contains the presenter's personal views and not those of CIBC Mellon or any other person. It may be considered advertising, and provides general information only and neither the presenter nor CIBC Mellon nor any other person are, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is intended for general informational purposes only. It may not be regarded as comprehensive nor as a substitute for professional advice. Before taking any particular course of action, contact your professional advisor to discuss these matters in the context of your particular circumstances. Neither the presenter nor CIBC Mellon accept responsibility for any loss or damage occasioned by your reliance on information contained in this presentation. ©2025 CIBC Mellon. CIBC Mellon is a licensed user of the CIBC trade-mark and certain BNY trade-marks, and is the corporate brand of CIBC Mellon Trust Company. None of CIBC Mellon Trust Company, CIBC, The Bank of New York Mellon Corporation and their affiliates make any representations or warranties as to its accuracy, currency or completeness, makes any commitment to update any information. No part of the presentation is an offer or solicitation in respect of any particular strategy and may not be construed as such. Services referred to may not be offered in all jurisdictions nor by all companies. CIBC Mellon does not provide investment or asset management services. This presentation, either in whole or in part, must not be reproduced nor referred to without the express written permission of CIBC Mellon. Trademarks, service marks and logos belong to their respective owners.
Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.
This episode recaps a roundtable discussion hosted by CIBC Mellon, Accelex, and Meradia, featuring 30 senior leaders from Canadian pension plans, asset managers and insurance companies. Topics discussed include the state of the artificial intelligence industry, its potential impact on investment services, and concepts like return on intelligence (ROI) versus return on investment (ROI). The discussion also explores the significant opportunities AI offers organizations, the importance of preparing data and people for its adoption, the critical need for senior leadership engagement and support in advancing AI initiatives and more. Participants: Dr. Brian Charles, Head of Silver Lead Technology Advisors & director of MIT's executive AI and business strategy course via 2U/edX Philip Mortimer, Chief Technology Officer, Accelex Brian Buzzelli, Head of Data Practice, Meradia Mike Plantinga, Vice President, Enterprise Security, CIBC Mellon Hosted by Brent Merriman, Vice President, Marketing and Strategic Insights, CIBC Mellon Stay tuned for part 2. This presentation contains the presenter's personal views and not those of CIBC Mellon or any other person. It may be considered advertising, and provides general information only and neither the presenter nor CIBC Mellon nor any other person are, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is intended for general informational purposes only. It may not be regarded as comprehensive nor as a substitute for professional advice. Before taking any particular course of action, contact your professional advisor to discuss these matters in the context of your particular circumstances. Neither the presenter nor CIBC Mellon accept responsibility for any loss or damage occasioned by your reliance on information contained in this presentation. ©2025 CIBC Mellon. CIBC Mellon is a licensed user of the CIBC trade-mark and certain BNY trade-marks, and is the corporate brand of CIBC Mellon Trust Company. None of CIBC Mellon Trust Company, CIBC, The Bank of New York Mellon Corporation and their affiliates make any representations or warranties as to its accuracy, currency or completeness, makes any commitment to update any information. No part of the presentation is an offer or solicitation in respect of any particular strategy and may not be construed as such. Services referred to may not be offered in all jurisdictions nor by all companies. CIBC Mellon does not provide investment or asset management services. This presentation, either in whole or in part, must not be reproduced nor referred to without the express written permission of CIBC Mellon. Trademarks, service marks and logos belong to their respective owners.
2024 was a big year for enterprise cybersecurity incidents but SMBs are not immune from these attacks. Shira Rubinoff is joined by Jason Rolleston, VP & GM at Broadcom's Enterprise Security Group on this episode of Six Five On The Road. They discuss Symantec by Broadcom and Carbon Black by Broadcom and the shifting dynamics of cybersecurity in the current digital age, particularly for small and mid-sized businesses. Highlights include: The sophisticated cyber threats that target large enterprises, resulting in substantial financial losses as well as disruption to organizations and critical services The changing landscape of cybersecurity threats targeting small and mid-sized businesses The critical importance of robust, foundational security measures in protecting against sophisticated cyber-attacks
How do businesses navigate the growing security risks in a world where employees work from anywhere, on any device, with apps IT departments might not even know about? In this special episode of Tech Talks Daily, recorded live at Web Summit in Lisbon, I sit down with Jeff Shiner, CEO of 1Password—a $6.8 billion Canadian-based security company trusted by over 100,000 businesses worldwide. Jeff shares how 1Password is redefining security through its innovative Extended Access Management platform, tackling challenges that have emerged with the rise of hybrid work, shadow IT, and the widespread adoption of SaaS tools. At a time when the “access trust gap” between employers and employees poses significant risks, Jeff outlines how businesses can close this gap by securing every sign-in, device, and app, without compromising productivity. Our conversation explores the dual role of AI in cybersecurity: both as a potential threat and as a productivity enhancer. Jeff explains how 1Password leverages generative AI to improve customer support and address evolving enterprise needs. We also discuss the future of security, from integrating seamlessly with tools like Azure AD and Slack to meeting the growing demand for user-friendly solutions that employees willingly adopt—creating a win-win for both individuals and organizations. With a focus on making security intuitive, reducing friction for users, and empowering businesses to thrive in today's fast-paced digital environment, Jeff provides invaluable insights into how 1Password is shaping the future of enterprise security. As we delve into these pressing topics, one key question remains: how can companies balance security and productivity in an ever-evolving threat landscape? Let me know your thoughts, and stay tuned for more conversations from Web Summit!
IBM recently reported a 71% year-over-year increase in attacks using valid credentials. This continued use of stolen credentials is also evident through ongoing public incidents like the string of attacks targeting Snowflake's customers that resulted in breaches at AT&T and Advanced Auto Parts. Lynsey Wolf, Team Lead and Insider Threat Analyst at DTEX Systems believes that users' psychological and behavioral traits are being overlooked when it comes to defending against credential misuse. In this episode, we discuss how best to mitigate such threats using a proactive approach to insider risk management by focusing on user behavior and indicators rather than just incident response.To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/cybersecurity-resources/Connect with Host Dr. Dave Chatterjee and Subscribe to the PodcastPlease subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms: LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712Latest Publications: Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparedness"Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024. Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024Preventing Security Breaches Must Start at the TopMission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemicLatest Webinars & Podcasts with Dr. Chatterjee as the GuestCybersecurity Readiness: Essential Actions For CXOs, August 12, 2024
Guest: Sarah Armstrong-Smith, Chief Security Advisor, MicrosoftOn LinkedIn | https://www.linkedin.com/in/sarah-armstrong-smithOn Twitter | https://twitter.com/sarahasmith75Host: Dr. Rebecca WynnOn ITSPmagazine
In this episode of Tech Sales Insights, Randy Seidl is joined by Greg Brown, chairman and CEO of Motorola Solutions, to discuss his transformative leadership journey with host Randy. Greg shares his approach to decision-making, mentorship, and the critical role of clear communication. Reflecting on Motorola's significant growth through over 40 acquisitions and a 1400% increase in shareholder returns, he underscores the importance of customer engagement and listening over telling in sales. The episode also explores effective team dynamics, a meritocratic management approach, and the value of diverse perspectives. With insights on navigating Quarterly Business Reviews (QBRs), sales leadership, and genuine communication, Greg emphasizes resilience, adaptability, and the importance of continuous learning and authenticity in leadership. The discussion includes personal anecdotes, lessons from industry leaders, and the significance of integrating knowledge with wisdom for successful decision-making.KEY TAKEAWAYSTransformational Leadership: Under Greg's tenure, Motorola has made significant transformations including over 40 acquisitions and a 1400% total shareholder return.Sales and Customer Engagement: Emphasis on real, unfiltered feedback from customers and the importance of CEOs engaging directly with sales calls.Decision-Making Philosophy: Effective managers should listen and make data-driven decisions but also rely on gut feelings when necessary.Team Dynamics: Encourages a culture of candid feedback, adaptability, and resilience; mentorship and nurturing talent within the team are crucial.Leadership Style: Combining knowledge and wisdom, balancing fact and intuition, and continuously learning and challenging conventional thinking.Values and Culture: Family-oriented, values-driven leadership with a focus on integrity, energy, and positivity.Lessons from Experience: Reflecting on mistakes made early in his career, Greg highlights the importance of transparency, communication, and appreciating company culture.QUOTES- "Wisdom is experience." - Greg Brown- "Don't read the label. You'll never have it." - Greg Brown- "At the end of the day, there's always an intuition." - Randy Seidl- "It doesn't matter where we're from. It matters where we're going." - Greg Brown- "When you're the senior person in the room, speak less, speak last." - Greg Brown - "You learn by your mistakes." - Greg Brown- "It's not the cards you're dealt. It's how you play the hand." - Greg Brown- "People say Oh, you're a very good communicator. You're good on your feet. That has nothing to do with it." - Greg BrownFind out more about Greg Brown through the links below:https://www.motorolasolutions.com/newsroom/leadership/greg-brown.htmlThis episode is sponsored by Sandler. Sandler is a world leader in innovative sales, leadership, and management training. For more than 50 years, Sandler has taught its distinctive, non-traditional selling system and highly effective sales training methodology, which has helped salespeople and sales managers take charge of the process.
Kicking off our series of Six Five Media at Smartsheet ENGAGE with host Keith Townsend, who is joined by Smartsheet's Chris Peake, CISO & SVP, Information Security. Their conversation covers why modern businesses require enterprise-grade security, the evolving landscape of enterprise security, the impact of AI on cybersecurity, and the future trends IT leaders should prepare for. Their discussion covers: The definition of enterprise-grade security and its critical significance The future of responsible AI and its implications for CISOs today, along with the opportunities it presents Major AI-related threats in enterprise technology and other significant threats businesses must anticipate Market trends in the security domain as observed by a CIO and the developments anticipated in the near to mid-term future Chris Peake's personal favorite feature in Smartsheet and how it enhances security measures
In this episode, Amy and Brad sit down with Michael Chan to discuss WorkOS, a tool simplifying authentication and authorization for developers. They explore how WorkOS makes complex processes like OAuth, SSO, and MFA easy to implement, compare it to other auth providers, and dive deep into AuthKit's capabilities.SponsorsWorkOS - WorkOS helps you launch enterprise features like SSO and user management with ease. Thanks to the AuthKit for JavaScript, your team can integrate in minutes and focus on what truly matters—building your app.Show Notes00:00 - Intro01:15 - Introduction to WorkOSWorkOSAuthKitWorkOS on YouTube02:23 - Comparing WorkOS with Competitors03:50 - Features of WorkOS AuthKit06:53 - WorkOS's Evolution and Target Audience09:30 - Challenges in Implementing Auth Solutions10:30 - Should Developers Build Their Own Auth?Selma's Blog Post: One Does Not Simply Delete Cookies12:50 - The Cascade of Auth Decisions: Emails and Databases14:22 - WorkOS Integration with Astro and Remix19:50 - Key Benefits of WorkOS for Developers22:00 - Integrating AuthKit with Next and RemixSam Selikoff's YouTube Video on WorkOS + AuthKit + Remix: Using AuthKit's Headless APIs in Remix24:01 - Challenges in Documentation for DevelopersDivio's Guide to Documentation33:06 - The Future of Documentation and AI's Role35:00 - Wrap-up
In this episode of the Security Swarm Podcast, host Andy Syrewicze and guest Romain Basset dive into the top spear phishing methods used in both the enterprise space and across all businesses, based on internal research conducted by Hornetsecurity. The conversation covers spear phishing techniques, including initial contact, tax/W2, C-suite/CEO, lawyer, banking, and gift card fraud. They analyze the differences in the prevalence of these methods between enterprises and smaller businesses and provide insights on how organizations can combat these threats through training and robust processes. Do you want to join the conversation? Join us in our Security Lab LinkedIn Group! Key Takeaways: Spear phishing attacks have evolved from obvious wire transfer requests to more subtle techniques like initial contact fraud, where threat actors establish a relationship to build credibility. Tax fraud and W-2 phishing remain prevalent, especially around tax season, as attackers try to obtain personal information like Social Security numbers. C-suite fraud, where attackers impersonate executives, continues to be a major threat, highlighting the importance of robust processes to verify requests. Lawyer fraud, targeting enterprises more than smaller businesses, leverages the credibility of legal communications to extort money or gather information. Gift card fraud has emerged as the top spear phishing attack across enterprises and smaller businesses, as it is less likely to raise red flags than larger financial transactions. Adaptability and creativity of threat actors are key factors, as they continuously evolve their techniques to bypass security measures and user awareness. Timestamps: (03:26) Discussion on initial contact fraud (07:12) Exploration of tax fraud and W-2 phishing (13:35) Examination of C-suite fraud and the importance of processes (19:25) Lawyer Fraud and Enterprise vs. SMB Differences (23:47) Banking Fraud and Processes (26:39) Gift Card Fraud Episode Resources: Security Lab LinkedIn Group What is a Spear Phishing attack? The Top 5 Spear Phishing Examples and Their Psychological Triggers -- Hornetsecurity's Phishing Simulation, as part of its Security Awareness Service, is invaluable for organizations looking to protect themselves from the evolving spear phishing threats discussed in this episode. This solution provides realistic phishing simulations and comprehensive security awareness training, enabling employees to recognize and respond effectively to spear phishing attempts. By fostering a culture of security awareness, SAS is crucial for businesses aiming to strengthen their overall security posture and mitigate the risk of successful phishing attacks.
A proactive approach to third-party risk - continuous monitoring of suppliersUsing threat intelligence to identify third-party riskEffectively working with partners to mitigate third-party security risksThis episode is hosted by Thom Langfordhttps://www.linkedin.com/in/thomlangford/Chuck Brooks, Adjunct Professor, Georgetown Universityhttps://www.linkedin.com/in/chuckbrooks/Victoria van Roosmalen, CISO & CPO, Coostohttps://www.linkedin.com/in/victoriavanroosmalen/Stuart Frost, Head of Enterprise Security & RIsk Management, Department for Work & Pensionshttps://www.linkedin.com/in/stuart-frost-bem/Andy Grayland, CISO, Silobreakerhttps://www.linkedin.com/in/dr-andy-g-1b90b4150/
Reddit's head of application security Matt Johansen joins Dennis Fisher to talk about the highlights of Black Hat USA, the challenges of sorting security priorities in a large enterprise, and how he's learned to take care of his mental health after many years in the security industry.
Send me a Text Message hereFULL SHOW NOTES https://podcast.nz365guy.com/584 Discover the latest in AI-driven advancements and managed environments within Microsoft's Power Platform in our latest episode of the Copilot Show. We had an enlightening chat with Ryan Jones, a partner director of product management at Microsoft, who shared his incredible journey from the Common Data Service days to the robust Dataverse. Ryan's passion for enhancing enterprise-scale applications and integrating AI with Copilot shines through as he shares exciting updates on governance and security advancements made over the past year. Get an insider's look at the balance Ryan maintains between his professional life and personal time at his beach cabin or hosting large gatherings at home.Unlock the secrets behind Microsoft's extensive IP security investments specifically designed for financial institutions and enterprises. Ryan takes us through the alignment of security controls with established models, policy-based configurations, and the innovative environment routing that offers developers personalized environments with tailored security policies. These advancements reduce dependence on default environments, elevating overall governance and security. We delve deep into the specific measures like customer-managed key vaults, HSMs, and virtual network connectivity to ensure comprehensive risk management.In our discussion on licensing, we break down the tangible benefits of premium licenses over basic ones within managed environments. With examples ranging from historical hypervisor wars to modern tools like Power Automate Desktop, we illuminate the critical balance between fostering creativity and maintaining control. Ryan provides strategies for persuading organizations to adopt premium licenses, showcasing how they can harness richer security features and manage their environments more effectively. To wrap things up, Mark extends an invitation to listeners to suggest future guests from Microsoft, ensuring our content remains engaging and community-driven.90 Day Mentoring Challenge 10% off code use MBAP at checkout https://ako.nz365guy.comSupport the Show.If you want to get in touch with me, you can message me here on Linkedin.Thanks for listening
In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security.One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first.The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization's security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden.Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk.One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams.The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes.This insightful episode underscores the importance of comprehensive, AI-driven solutions in today's security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient.Learn more about ArmorCode: https://itspm.ag/armorcode-n9tNote: This story contains promotional content. Learn more.Guest: Mark Lambert, Chief Product Officer, ArmorCode [@code_armor]On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/ResourcesLearn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcodeView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this Brand Story episode recorded during Black Hat USA 2024, host Sean Martin sat down with Mark Lambert of ArmorCode to discuss the evolving challenges and innovative strategies in application security and vulnerability management.ArmorCode stands out in its field by not being just another scanner but by integrating with an organization's existing tool ecosystem. Lambert explains that their platform connects with over 250 different source tools, from threat modeling to endpoint security, to provide comprehensive visibility and risk scoring. This integration is crucial for automating remediation workflows downstream and supporting various use cases, including vulnerability management and software supply chain security.One of the core strengths of ArmorCode's platform is its ability to ingest data from a multitude of sources, normalize it, and contextualize the risk for better prioritization. Lambert notes that understanding both the technical and business context of vulnerabilities is essential for effective risk management. This dual approach helps organizations avoid the 'fire drill' mentality, focusing instead on business-critical assets first.The conversation also touches on the breadth of ArmorCode's integrations, which include not just technical tools but also commercial and open-source threat intelligence feeds. This variety allows for a robust and nuanced understanding of an organization's security posture. By correlating data across different tools using AI, ArmorCode helps in identifying vulnerabilities and weaknesses that could otherwise remain hidden.Lambert emphasizes the platform's ability to streamline interactions between security and development teams. By bringing together data from various sources and applying risk scoring, ArmorCode aids in engaging development teams effectively, often leveraging integrations with tools like Jira. This engagement is pivotal for timely remediation and reducing organizational risk.One of the exciting developments Lambert shares is ArmorCode's recent launch of AI-driven remediation capabilities. These capabilities aim to provide not just immediate fixes but strategic insights for reducing future risks. He explains that while fully automated remediation may still involve human oversight, AI significantly reduces the time and effort required for resolving vulnerabilities. This makes the security process more efficient and less burdensome for teams.The episode concludes with Lambert discussing the significant adoption of AI functionalities among ArmorCode's customer base. With over 90% adoption of their AI correlation features, it's clear that businesses are seeing real-world benefits from these advanced capabilities. Lambert believes that the integration of AI into security practices is moving past the hype phase into delivering meaningful outcomes.This insightful episode underscores the importance of comprehensive, AI-driven solutions in today's security landscape. With experts like Mark Lambert at the helm, ArmorCode is leading the charge in making application security more integrated, intelligent, and efficient.Learn more about ArmorCode: https://itspm.ag/armorcode-n9tNote: This story contains promotional content. Learn more.Guest: Mark Lambert, Chief Product Officer, ArmorCode [@code_armor]On LinkedIn | https://www.linkedin.com/in/marklambertlinkedin/ResourcesLearn more and catch more stories from ArmorCode: https://www.itspmagazine.com/directory/armorcodeView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX's innovative approach to browser security and its relevance in today's cybersecurity landscape.Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/vivekramachandran/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this Brand Story episode, Sean Martin gets to chat with Vivek Ramachandran, Co-Founder and CEO of SquareX, at the Black Hat USA conference in Las Vegas. The discussion centers around SquareX's innovative approach to browser security and its relevance in today's cybersecurity landscape.Vivek explains that SquareX is developing a browser-native security product designed to detect, mitigate, and hunt threats in real-time, specifically focusing on the online activities of enterprise employees. This solution operates entirely within the browser, leveraging advanced technologies like WebAssembly to ensure minimal impact on the user experience.The conversation shifts to the upcoming DEF CON talk by Vivek, titled “Breaking Secure Web Gateways for Fun and Profit,” which highlights the seven sins of secure web gateways and SASE SSE solutions. According to Vivek, these cloud proxies often fail to detect and block web attacks due to inherent architectural limitations. He mentions SquareX's research revealing over 25 different bypasses, emphasizing the need for a new approach to tackle these vulnerabilities effectively.Sean and Vivek further discuss the practical implementation of SquareX's solution. Vivek underscores that traditional security measures often overlook browser activities, presenting a blind spot for many organizations. SquareX aims to fill this gap by providing comprehensive visibility and real-time threat detection without relying on cloud connectivity.Vivek also answers questions about the automatic nature of the browser extension deployment, ensuring it does not disrupt day-to-day operations for users or IT teams. Additionally, he touches on the importance of organizational training and awareness, helping security teams interpret new types of alerts and attacks that occur within the browser environment.Towards the end of the episode, Vivek introduces a new attack toolkit designed for organizations to test their own secure web gateways and SASE SSE solutions, empowering them to identify vulnerabilities firsthand. He encourages security leaders to use this tool and visit a dedicated website for practical demonstrations.Listeners are invited to connect with Vivek and the SquareX team, especially those attending Black Hat and DEF CON, to learn more about this innovative approach to browser security.Learn more about SquareX: https://itspm.ag/sqrx-l91Note: This story contains promotional content. Learn more.Guest: Vivek Ramachandran, Founder, SquareX [@getsquarex]On LinkedIn | https://www.linkedin.com/in/vivekramachandran/ResourcesLearn more and catch more stories from SquareX: https://www.itspmagazine.com/directory/squarexView all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegasAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries and the best entry points into the field. Next, we tackle the critical issues plaguing the cybersecurity industry despite its rapid growth and increased influence at the board level. We ask why, despite ample resources, are failures more prevalent than ever? Lastly, we cover significant news in enterprise security, including the rumored historic acquisition of Wiz by Google, recent company acquisitions, and the evolving concept of shared responsibility in cybersecurity. Join us for a comprehensive discussion that spans career guidance, industry analysis, and the latest news in enterprise security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-368
In this episode of Enterprise Security Weekly, we revisit the insightful book "Jump-start Your SOC Analyst Career" with authors Jarrett Rodrick and Tyler Wall, exploring updates on career paths, opportunities, and the industry's reality. We delve into the myths versus the truths about cybersecurity careers, discussing the viability of high salaries and the best entry points into the field. Next, we tackle the critical issues plaguing the cybersecurity industry despite its rapid growth and increased influence at the board level. We ask why, despite ample resources, are failures more prevalent than ever? Lastly, we cover significant news in enterprise security, including the rumored historic acquisition of Wiz by Google, recent company acquisitions, and the evolving concept of shared responsibility in cybersecurity. Join us for a comprehensive discussion that spans career guidance, industry analysis, and the latest news in enterprise security. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-368
On this episode of The Cybersecurity Defenders Podcast, we speak with Kane Narraway, Head of Enterprise Security at Canva, about Zero Trust architecture.Kane brings over a decade of experience to the table, specializing in enterprise security, cloud security, and risk management. He's known for his groundbreaking work in building zero trust architectures at some of the world's largest tech companies, often from scratch during the early days of zero trust when solutions were not readily available.Kane's career is marked by notable achievements, including integrating multi-billion dollar acquisitions and establishing robust security frameworks for regulations like SOC2, PCI-DSS, and HIPAA. He's not only a director who has scaled technology companies from startup to enterprise level but also a passionate leader who has nurtured diverse teams, promoting autonomy and inclusivity. Outside of his direct work, Kane is dedicated to giving back to the community—whether it's sharing cybersecurity insights, mentoring at boot camps, or volunteering at conferences. Join us as we gain insights from his extensive experience and innovative approaches to tackling some of the most complex challenges in cybersecurity today.Kane's blog can be found here.
Prioritize incidents based on data significance, detect insider risks, and adapt protections in real-time with Microsoft Defender XDR and Microsoft Purview. Customize thresholds and risk indicators to detect anomalous behavior and prevent potential breaches with Adaptive Protection. Receive real-time DLP alerts triggered by policy matches, ensuring immediate action to safeguard sensitive data. Gain comprehensive visibility into threats and enforce policies across all devices and applications. Sravan Kumar Mera, Principal Product Manager for Microsoft Purview shares how to stay ahead of evolving threats and maintain data integrity. ► QUICK LINKS: 00:00 - Prioritize security incidents based on data importance 00:42 - High severity multistage incident 01:29 - DLP alerts 02:24 - Insider risk activity summary 03:30 - Set up data security foundation 04:47 - Adaptive Protection 05:50 - DLP policy & Conditional Access 06:33 - Wrap up ► Link References Get started at https://purview.microsoft.com Watch our data security playlist at https://aka.ms/datasecuritymechanics ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Amidst the buzzing atmosphere of RSA Conference 2024, Sean Martin, host an On Location Brand Story With ITSPmagazine, engages in a thought-provoking discussion with Vishal Gupta, co-founder of Seclore. The theme of this year's conference, the Art of Possible, sets the stage for a conversation that unravels the critical role of data in driving business innovation and success.Protecting Data in the New Technological LandscapeVishal Gupta sheds light on the importance of ensuring that security and collaboration align seamlessly, emphasizing that CISOs and security teams must work in harmony to foster a secure yet conducive business environment. In a world where data sprawls across diverse platforms and devices, the focus on data protection emerges as a paramount necessity to mitigate risks and safeguard critical assets.Shifting from Infrastructure to Data ProtectionThe dialogue navigates towards a fundamental shift from traditional infrastructure protection to data-centric security. Gupta highlights the challenges that arise when enterprises grapple with securing an ever-expanding volume of data across varied networks, devices, and applications. The conversation underscores the significance of transitioning towards a data-centric approach to address the inherent vulnerabilities in contemporary cybersecurity frameworks.Enabling Secure Data Collaboration with SecloreBy introducing the innovative concept of embedding security, privacy, and compliance directly into the data itself, Seclore revolutionizes the paradigm of data sharing and collaboration. Gupta elucidates how organizations can enforce personalized security policies, regulate data access, and monitor data interactions in real-time to prevent unauthorized usage and ensure data integrity.Navigating the Path to Data-Centric SecurityAs enterprises embark on the journey towards data-centric security, Gupta emphasizes the importance of meticulous planning and strategic implementation. By focusing on targeted use cases and achieving early wins, organizations can gradually scale their data protection initiatives and cultivate a culture of data-centricity within their operations.The enriching discussion between Sean Martin and Vishal Gupta showcases the transformative potential of data-centric security solutions in the realm of cybersecurity. For further insights and collaboration opportunities with Seclore, connect with them on LinkedIn, on their website, or meet them at upcoming industry events.Learn more about Seclore: https://itspm.ag/seclore-km6r Note: This story contains promotional content. Learn more.Guest: Vishal Gupta, CEO, Seclore [@secloretech]On LinkedIn | https://www.linkedin.com/in/jiguptaji/ResourcesLearn more and catch more stories from Seclore: https://www.itspmagazine.com/directory/secloreView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story
Whether or not you're familiar with shadow IT, know this: it's everywhere. Our guest this week, Charlie Livingstone, shines a light on the growing problem of shadow IT and how Wagestream are managing the risks it poses. Sit down with Roo and Charlie, as they unpack what shadow IT actually is, the growing challenges associated with it, and what we can do to safeguard ourselves and our organizations.
Effectively managing information security for any enterprise can be a challenge, but airlines have to deal with the compounding effects of regulations in multiple domains, life safety issues and much more. Air New Zealand CISO, Phil Ross, joins host Eric Hanselman to discuss prioritizing cybersecurity efforts, the practical aspects of zero trust and the potential of new security architectures. Tackling technical debt can be struggle, particularly in risk averse areas, like aviation.
Join us for an insightful discussion on why diversity matters in cybersecurity roles with Joshua Copeland, Director of Enterprise Security with Bose Corporation! Have you ever wondered why diversity is crucial in the cybersecurity sector? Curious about the tangible benefits it brings to your organization? Look no further! Josh Copeland, a seasoned expert in cybersecurity and diversity advocate, will be sharing his invaluable insights, strategies, and real-world experiences in our upcoming recording session. In a rapidly evolving digital landscape, diversity isn't just a buzzword; it's a game-changer. Discover how diverse teams bolster innovation, problem-solving, and overall resilience in the face of cyber threats. Don't miss out on this opportunity to gain actionable knowledge and perspectives that can revolutionize your approach to hiring in cybersecurity! Stay tuned for updates and sneak peeks leading up to the event. Spread the word and let's make strides together towards a more inclusive and secure future! hashtag#Cybersecurity hashtag#DiversityMatters hashtag#Innovation hashtag#InfoSec hashtag#Tech hashtag#Empowerment hashtag#CyberAware hashtag#InclusiveTech hashtag#JoshCopeland hashtag#ExpertInsights
Guests: Chloe Callahan, IT Operations Manager at Peninsula Truck Lines [@PeninsulaTL]On LinkedIn | https://www.linkedin.com/in/chloe-callahan-36822995/Antwan Banks, Director of Enterprise Security at NMFTA [@nmfta] On LinkedIn | https://www.linkedin.com/in/antwan-banks-cissp-cciso-cism-cisa-29465314/Dr. Jeremy Daily, Ph.D., P.E, Associate Professor of Systems Engineering, Colorado State University [@ColoradoStateU] On LinkedIn | https://www.linkedin.com/in/jeremy-daily-646750103/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinView This Show's Sponsors___________________________Episode NotesIn this installment of the Redefining CyberSecurity Podcast, host Sean Martin dives deep into the intricate world of trucking (large vehicle) cybersecurity. Sean brings together a panel of distinguished guests, each contributing unique insights from their respective positions in the trucking and cybersecurity realms. Attendees include Chloe Callahan, Operations Manager at Peninsula Truck Lines, and Antwan Banks, Director of Enterprise Security at NMFTA, alongside Jeremy Daly from Colorado State University, where he teaches systems engineering at the graduate level. The conversation uncovers the specialized cybersecurity challenges faced by the trucking industry. Despite the sector's pivotal role in maintaining the supply chain, it emerges that the requirements and threats it encounters are significantly distinct from those in more traditional IT environments.Callahan shares her journey towards recognizing the importance of cybersecurity through her engagement with NMFTA conferences, which fueled her dedication to educating her community about cybersecurity basics and beyond. Banks offers a compelling perspective from his experience in cyber defense and warfare, emphasizing the strategic implications of securing the trucking sector against potential nation-state attacks that aim to disrupt critical supply lines.The episode further explores the technological complexities inherent in the trucking industry, particularly concerning the integration of operational technology (OT) with information technology (IT) systems. Daly adds depth to the discussion by highlighting the evolving threat landscape and the importance of considering the entire lifecycle of trucking assets from a security standpoint. He also sheds light on initiatives like the Cybertruck Challenge, designed to foster talent and awareness in tackling these unique cybersecurity challenges.The panel also addresses the vital role of education and proactive cybersecurity practices, underscoring the significance of comprehensive incident response planning, which extends to responding to cybersecurity incidents affecting the physical operation of trucks. Through their dialogue, the importance of community, information sharing, and collaboration across industries to enhance cybersecurity readiness emerges clear.Overall, the episode offers an enlightening exploration of cybersecurity's critical place within the trucking industry, stressing the necessity for vigilance, preparedness, and community cooperation to safeguard vital supply chains against sophisticated cyber threats.Key Questions AddressedWhat is the current state of cybersecurity in the trucking sector?How does cybersecurity in trucking impact food supply chain safety?What strategies are being implemented to improve cybersecurity within trucking?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
We dissect leadership lessons from across vastly different scales of eng orgs – ranging from 13,000-people companies to 10-person start-ups – with Jeremy Burton, CEO @ Observe. He shares how he effectively translated leadership skills from working at large-scale orgs to small, early-stage start-ups & addresses challenges faced when scaling at any point. Jeremy covers start-up strategies for bringing your eng teams closer to your customers & driving innovation at large-scale orgs; characteristics of eng leaders that promote successful scaling; gaining & communicating conviction; driving community engagement & building trust within developer communities; and more.ABOUT JEREMY BURTONJeremy Burton is the chief executive officer of Observe, Inc. Prior to Observe, Jeremy was Executive Vice President, Marketing & Corporate Development of Dell Technologies, and served in various leadership roles at EMC prior to Dell. A 20-year veteran of the IT industry, Jeremy joined EMC from Serena Software, where he was President and CEO. Previous to Serena, he led Symantec's $2 billion Enterprise Security product line as Group President of Security and Data Management. Jeremy also served as Veritas' Executive Vice President of Data Management Group and Chief Marketing Officer. Earlier in his career, he spent nearly a decade at Oracle as Senior Vice President of Product and Services Marketing. Jeremy is currently a member of the board of directors at Snowflake, a seat he's held since 2015, and maintains a part-time role on the advisory board at McLaren Group."I hear so many times both in startups and bigger companies, 'Oh, we have a sales execution issue.' If your early sales team is not successful, it's never the sales team. It's always the product. Where bigger companies have built new products, they've probably taken it to market too soon and the salespeople will take it to a mature account. It won't be as mature as the other products. The customer will complain and the salespeople will hate it. It'll get a bad name and then it'll get killed. That's the typical mode of operation that I've seen in a large company, which is why you got to keep it a secret until you've got the MVP, then work with a small set of customers and set the right expectation. When you get it right, you've immediately got a distribution channel that you can scale. If you get it wrong, you'll never scale it and you'll just create a whole bunch of problems in your customer base.”- Jeremy Burton We now have 10 local communities of engineering leaders hosting in-person meetups all over the world!Local communities are led by eng leaders just like you, who wanted to create a place to connect, share insights & tackle critical challenges in the job.New York City, Boston, Chicago, Seattle, Los Angeles, San Diego, San Francisco, London, Amsterdam, and Toronto in-person events are happening now!We're launching local events all the time - get involved at elc.community!SHOW NOTES:Operating at a scale of 13,000 people vs. early stage with 10 (3:13)How Jeremy adapted to operating at vastly different scales (6:30)Transitioning from a back seat role to the front seat (8:32)Approaches to helping folks better operate in ambiguity & face the unknown (11:20)Cycles that gave Jeremy more confidence to operate in instability (14:26)The romanticization of start-ups & challenges with scaling (18:22)Why eng teams should work directly with customers at start-ups (21:14)Leveraging leadership at large orgs to bring eng teams closer to customers (24:36)Strategies for innovation at large-scale orgs (27:38)Dynamics at big companies that incentivize killing new projects (30:38)Characters of eng leaders that lead to successful scaling / innovation (32:56)Recommendations for gaining conviction & communicating that effectively (34:33)Conversation frameworks for creating alignment (37:43)How to create influence & community engagement for developers (38:55)Gaining trust within your community & exuding authenticity (42:10)Rapid fire questions (44:42)This episode wouldn't have been possible without the help of our incredible production team:Patrick Gallagher - Producer & Co-HostJerry Li - Co-HostNoah Olberding - Associate Producer, Audio & Video Editor https://www.linkedin.com/in/noah-olberding/Dan Overheim - Audio Engineer, Dan's also an avid 3D printer - https://www.bnd3d.com/Ellie Coggins Angus - Copywriter, Check out her other work at https://elliecoggins.com/about/
Ken and Seth are back to talk about the difference and competing priorities of Application and Enterprise Security. In short, recent news contends that Enterprise or Infrastructure security is lacking, whereas Application or Product Security is in a good state. This is followed by a discussion on supply chain security tools due to a recent analysis conducted by DoyenSec comparing false positives and negatives from the leading tools.
Protect your organization from insider threats with Microsoft Entra's Conditional Access and Adaptive Protection in Microsoft Purview. Automatically block access to critical assets when insider risk levels elevate, ensuring data security and compliance seamlessly. Set up custom policies based on risk levels and enforce strong authentication measures, safeguarding against data breaches. Gain control and visibility over insider activities without manual intervention, empowering proactive security measures. Erin Miyake, Microsoft Purview's Principal Product Manager shares how to enhance your data protection strategy. ► QUICK LINKS: 00:00 - Insider Risk in Conditional Access 00:41 - Extend Conditional Access 01:20 - Privacy-first approach 01:56 - Configure policy indicators 03:21 - Adapt protections based on changing risk 04:13 - Set custom policies 05:27 - Set a Conditional Access policy for moderate risk users 06:12 - Insider risk level changing over time 07:04 - Wrap Up ► Link References: For more about the policies you can set up go to https://aka.ms/IRM Mechanics Get started today at https://aka.ms/adaptiveprotection Watch our series on Insider Risk Management at https://aka.ms/IRMMechanics ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Transform your security posture to stop attacks before they happen using Microsoft's Security Exposure Management in Microsoft Defender. Identify and mitigate potential threats with a comprehensive view of your organization's attack surface, critical assets, and security events. Prioritize security efforts effectively with curated initiatives, automated alerts, and actionable insights, so you can close down vulnerabilities before they're exploited. Brjann Brekkan, Microsoft's Exposure Management Director, shows how to gain control over your security landscape and stay ahead of emerging threats. ► QUICK LINKS: 00:00 - Prevent incidents before they happen 00:39 - Unify data and signals with Security Exposure Management 02:07 - See the experience in the Microsoft Defender portal 02:56 - Identify business critical data and sensitive information 03:33 - Key initiatives 04:17 - Assign an initiative owner 05:07 - Visual mapping of potential attack paths 07:05 - Wrap Up ► Link References: Sign up for the preview at https://aka.ms/ExposureManagementpreview Check out https://aka.ms/ExposureManagementdocs ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Progress demands transformation. But in a digital-first world, with the velocity of change increasing every day, how do you know you're making the right kind of progress? How can you think big while juggling rising IT complexity, costs, and vulnerability?Welcome to The Progress Report, a podcast brought to you by Kyndryl, your partner for continuous innovation. Join us as we sit down with thought leaders, technologists, and creative problem solvers. We'll explore provocative ideas about to how to modernize IT for efficiency and growth, create differentiated experiences, secure a resilient business, and ensure you're always ready for change.Keep your finger on the pulse—listen to The Progress Report.
Antwan Banks, NMFTA's Director of Enterprise Security, highlights the evolving cyber threat landscape in the supply chain industry, identifying vulnerabilities and discussing reasons for increased susceptibility. The chat emphasizes NMFTA's ongoing initiatives to bolster cybersecurity, concluding with practical guidance for supply chain participants and the organization's resources for informed decision-making. Antwan Banks - Director of Enterprise Security - National Motor Freight Traffic Association Grace Sharkey - Staff Writer - FreightWaves Learn more about your ad choices. Visit megaphone.fm/adchoices
Once a boutique operation, New Belgium Brewing is now producing millions of barrels of beer. In this episode, Bill sits down with Adam Little, who has been with the company for nearly nine years and currently serves as Senior Manager, Enterprise Security and Compliance. They dive into how New Belgium has used edge technologies to scale their production to meet increasing demand and to improve their distribution processes.---------Key Quotes:“As we've grown over the years, we said look, the only way we can do this is looking at the data and really using our power of IT to drive that business forward. How can we save time in the brewing process? How can we get a couple more cans off the line? How can we get a couple more cases out the door? Are we brewing the right things at the right time so that we're prepared for demand?”“One thing's for sure, if you never collect the data you can't make the right decision with it.”--------Show Timestamps:(02:05) How technology supports beer production (06:15) Scaling production through automation(07:03) What data do they collect, and how do they collect it? (13:03) Using data to support distribution (19:03) Increasing canning speed and capacity (23:47) The process of automating (26:37) Processing data and determining what to keep (30:37) Identifying the business problem (37:23) What is next for New Belgium? --------Sponsor:Over the Edge is brought to you by Dell Technologies to unlock the potential of your infrastructure with edge solutions. From hardware and software to data and operations, across your entire multi-cloud environment, we're here to help you simplify your edge so you can generate more value. Learn more by visiting dell.com/edge for more information or click on the link in the show notes.--------Credits:Over the Edge is hosted by Bill Pfeifer, and was created by Matt Trifiro and Ian Faison. Executive producers are Matt Trifiro, Ian Faison, Jon Libbey and Kyle Rusca. The show producer is Erin Stenhouse. The audio engineer is Brian Thomas. Additional production support from Elisabeth Plutko and Eric Platenyk.--------Links:Follow Bill on LinkedInConnect with Adam Little on LinkedInLearn more about what New Belgium Brewing is doing at the edge: Video, Case Study